Skip Menu |
 

Download (untitled) / with headers
text/plain 2.9KiB
From darrenr@chiron.nabaus.com.au Tue May 21 04:27:54 2002
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id EAA23768
for <bugs@RT-11.mit.edu>; Tue, 21 May 2002 04:27:54 -0400 (EDT)
Received: from orange.national.com.au (orange.national.com.au [203.57.240.81])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id EAA13914
for <krb5-bugs@mit.edu>; Tue, 21 May 2002 04:27:52 -0400 (EDT)
Received: by orange.national.com.au (Postfix, from userid 5)
id DDE8B144848; Tue, 21 May 2002 18:27:50 +1000 (EST)
Received: from orange(203.57.240.81) by orange.national.com.au via csmap (V4.1)
id srcAAAxfaO6d; Tue, 21 May 02 18:27:50 +1000
Received: from chiron.rais.nabaus.com.au (unknown [164.53.57.131])
by orange.national.com.au (Postfix) with ESMTP
id ACCA8144847; Tue, 21 May 2002 18:27:49 +1000 (EST)
Received: (from darrenr@localhost)
by chiron.rais.nabaus.com.au (8.8.8+Sun/8.8.8) id SAA12282;
Tue, 21 May 2002 18:27:47 +1000 (EST)
Message-Id: <200205210827.SAA12282@chiron.rais.nabaus.com.au>
Date: Tue, 21 May 2002 18:27:47 +1000 (EST)
From: darrenr@chiron.nabaus.com.au
Reply-To: darrenr@chiron.nabaus.com.au
To: krb5-bugs@mit.edu
Cc: darrenr@chiron.nabaus.com.au
Subject: login(8) sets KRB5CCNAME different to klist(1)
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 1110
>Category: krb5-appl
>Synopsis: login(8) sets KRB5CCNAME different to klist(1)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue May 21 04:28:01 EDT 2002
>Last-Modified: Tue May 21 09:16:27 EDT 2002
>Originator: Darren Reed
>Organization:
Optimation
Show quoted text
>Release: krb5-1.2.5
>Environment:

System: SunOS chiron 5.5.1 Generic_103640-34 sun4u sparc SUNW,Ultra-2
Architecture: sun4

Show quoted text
>Description:
When logging in, login.krb5 sets $KRB5CCNAME to /tmp/krb5cc_p<PID>
whereas klist uses /tmp/krb5cc_<UID>. So if we are logged in to a
host and then telnet back to itself and login is ourself, klist will
not display any tickets.
Show quoted text
>How-To-Repeat:
L1$ unset KRB5CCNAME
L1$ kinit
<enter password>
L1$ klist
<displays tickets>
L1$ telnet -x localhost
L2$ klist
<no tickets displayed>
Show quoted text
>Fix:
login.krb5 should be more intelligent about its choice for $KRB5CCNAME.
If it can see a krb5cc_<UID> that is owned by the right UID and has
adequate permissions, perhaps it should set $KRB5CCNAME to that instead.
Show quoted text
>Audit-Trail:

State-Changed-From-To: open-closed
State-Changed-By: hartmans
State-Changed-When: Tue May 21 09:15:13 2002
State-Changed-Why:
We do not consider this a bug. We in general consider it desirable to
get a single
credentials cache per session, rather than per user.
WE'd probably also consider it OK if login.krb5 left KRB5CCNAME alone
if it obtained
no tickets, but the current behavior is also acceptable.

If you want tickets in a session, forward them.

Show quoted text
>Unformatted: